fkie_cve-2006-4340
Vulnerability from fkie_nvd
Published
2006-09-15 18:07
Modified
2024-11-21 00:15
Severity ?
Summary
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
References
secalert@redhat.comftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
secalert@redhat.comhttp://secunia.com/advisories/21903Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/21906Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/21915Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/21916Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/21939Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/21940Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/21949Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/21950Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22001Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22025Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22036Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22044
secalert@redhat.comhttp://secunia.com/advisories/22055Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22056
secalert@redhat.comhttp://secunia.com/advisories/22066
secalert@redhat.comhttp://secunia.com/advisories/22074Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22088Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22195
secalert@redhat.comhttp://secunia.com/advisories/22210Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22226Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22247Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22274Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22299Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22342Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22422Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22446Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22849
secalert@redhat.comhttp://secunia.com/advisories/22992
secalert@redhat.comhttp://secunia.com/advisories/23883
secalert@redhat.comhttp://secunia.com/advisories/24711
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200609-19.xml
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200610-01.xml
secalert@redhat.comhttp://securitytracker.com/id?1016858
secalert@redhat.comhttp://securitytracker.com/id?1016859
secalert@redhat.comhttp://securitytracker.com/id?1016860
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
secalert@redhat.comhttp://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
secalert@redhat.comhttp://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
secalert@redhat.comhttp://www.debian.org/security/2006/dsa-1192
secalert@redhat.comhttp://www.debian.org/security/2006/dsa-1210
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
secalert@redhat.comhttp://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:168
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:169
secalert@redhat.comhttp://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
secalert@redhat.comhttp://www.mozilla.org/security/announce/2006/mfsa2006-60.html
secalert@redhat.comhttp://www.mozilla.org/security/announce/2006/mfsa2006-66.html
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2006_54_mozilla.html
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2006_55_ssl.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2006-0675.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2006-0676.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2006-0677.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/archive/1/446140/100/0/threaded
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-350-1
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-351-1
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-352-1
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-354-1
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-361-1
secalert@redhat.comhttp://www.us-cert.gov/cas/techalerts/TA06-312A.htmlUS Government Resource
secalert@redhat.comhttp://www.us.debian.org/security/2006/dsa-1191
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/3617
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/3622
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/3748
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/3899
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/0293
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/1198
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/0083
secalert@redhat.comhttp://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
secalert@redhat.comhttp://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/30098
secalert@redhat.comhttps://issues.rpath.com/browse/RPL-640
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21903Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21906Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21915Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21916Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21939Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21940Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21949Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21950Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22001Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22025Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22036Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22044
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22055Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22056
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22066
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22074Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22088Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22195
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22210Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22226Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22247Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22274Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22299Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22342Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22422Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22446Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22849
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22992
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23883
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24711
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200609-19.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200610-01.xml
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016858
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016859
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016860
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1192
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1210
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
af854a3a-2127-422b-91ae-364da2661108http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
af854a3a-2127-422b-91ae-364da2661108http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_55_ssl.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0675.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0676.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0677.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/446140/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-350-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-351-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-352-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-354-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-361-1
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA06-312A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us.debian.org/security/2006/dsa-1191
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3617
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3622
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3748
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3899
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0293
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1198
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0083
af854a3a-2127-422b-91ae-364da2661108http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
af854a3a-2127-422b-91ae-364da2661108http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-640
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007
Impacted products
Vendor Product Version
mozilla firefox *
mozilla network_security_services *
mozilla seamonkey *
mozilla thunderbird *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "553BE4FA-523B-4AED-90D4-6FFCFD91E4F8",
              "versionEndIncluding": "1.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61D6DE3-BD82-4A09-9537-806FAEEA8FB5",
              "versionEndIncluding": "3.11.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DCE4360-4064-47F8-B4B1-12D15D31BE13",
              "versionEndIncluding": "1.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C246DC3-0BAF-4FE2-B160-EE223E8F3CD2",
              "versionEndIncluding": "1.5.0.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.  NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462."
    },
    {
      "lang": "es",
      "value": "La librer\u00eda Mozilla Network Security Service (NSS) anterior a 3.11.3, usada en Mozilla Firefox anterior a 1.5.0.7, Thunderbird anterior a 1.5.0.7, y SeaMonkey anterior a 1.0.5, cuando se usa una llave RSA con exponente 3, no maneja correctamente los datos en una firma, lo que permite a atacantes remotos falsificar firmas para SSL/TLS y certificados de correo electr\u00f3nico; una vulnerabilidad muy similar a la CVE-2006-4339. NOTA: el 7/11/2006, Mozilla public\u00f3 un aviso afirmando que estas versiones no estaban completamente parcheadas por MFSA2006-60. Las nuevas correcciones para 1.5.0.7 se tratan en CVE-2006-5462."
    }
  ],
  "id": "CVE-2006-4340",
  "lastModified": "2024-11-21T00:15:43.160",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-15T18:07:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21903"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21906"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21915"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21916"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21939"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21940"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21949"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21950"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22001"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22025"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22036"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22044"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22055"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22066"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22074"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22088"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22195"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22210"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22226"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22247"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22274"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22299"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22342"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22422"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22446"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22849"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22992"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23883"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24711"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1016858"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1016859"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1016860"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2006/dsa-1192"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2006/dsa-1210"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-350-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-351-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-352-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-354-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-361-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.us.debian.org/security/2006/dsa-1191"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/3617"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/3622"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/3748"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/3899"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/0293"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/1198"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-640"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016859"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-350-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-351-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-352-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-354-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-361-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.us.debian.org/security/2006/dsa-1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.